|
*--* 07-24-94 - 09:16:12 *--* Article #14579 (14833 is last): Date: Thu Jul 21 11:04:03 1994 4747 misc.legal:23608 sci.crypt:8954 talk.politics.crypto:5591 Path: freenet.victoria.bc.ca!suncad.camosun.bc.ca!nntp.cs.ubc.ca!newsxfer.itd.umich.edu!europa.eng.gtefsd.com!howland.reston.ans.net!cs.utexas.edu!not-for-mail From: mech@eff.org (Stanton McCandlish) Newsgroups: alt.2600,alt.activism,alt.activism.d,alt.politics.datahighway,alt.politics.org.nsa,alt.privacy,alt.privacy.clipper,alt.security.pgp,alt.society.resistance,alt.wired,comp.org.cpsr.talk,comp.org.eff.news,comp.org.eff.talk,misc.legal,sci.crypt,ta lk.politics.crypto Subject: White House retreats on Clipper Date: 21 Jul 1994 13:04:03 -0500 Organization: UTexas Mail-to-News Gateway Lines: 161 Sender: nobody@cs.utexas.edu Approved: mech@eff.org Distribution: inet Message-ID: <199407211803.OAA13096@eff.org> NNTP-Posting-Host: news.cs.utexas.edu Yesterday, the Clinton Administration announced that it is taking several large, quick steps back in its efforts to push EES or Clipper encryption technology. Vice-President Gore stated in a letter to Rep. Maria Cantwell, whose encryption export legislation is today being debated on the House floor, that EES is being limited to voice communications only. The EES (Escrowed Encryption Standard using the Skipjack algorithm, and including the Clipper and Capstone microchips) is a Federal Information Processing Standard (FIPS) designed by the National Security Agency, and approved, despite a stunningly high percentage anti-EES public comments on the proposal) by the National Institute of Standards and Technology. Since the very day of the announcement of Clipper in 1993, public outcry against the key "escrow" system has been strong, unwavering and growing rapidly. What's changed? The most immediate alteration in the White House's previously hardline path is an expressed willingness to abandon the EES for computer applications (the Capstone chip and Tessera card), and push for its deployment only in telephone technology (Clipper). The most immediate effect this will have is a reduction in the threat to the encryption software market that Skipjack/EES plans posed. Additionally, Gore's letter indicates that deployment for even the telephone application of Clipper has been put off for months of studies, perhaps partly in response to a draft bill from Sens. Patrick Leahy and Ernest Hollings that would block appropriation for EES development until many detailed conditions had been met. And according to observers such as Brock Meeks (Cyberwire Dispatch) and Mark Voorhees (Voorhees Reports/Information Law Alert), even Clipper is headed for a fall, due to a variety of factors including failure in attempts to get other countries to adopt the scheme, at least one state bill banning use of EES for medical records, loss of NSA credibility after a flaw in the "escrowed" key system was discovered by Dr. Matt Blaze of Bell Labs, a patent infringement lawsuit threat (dealt with by buying off the claimant), condemnation of the scheme by a former Canadian Defense Minister, world wide opposition to Clipper and the presumptions behind it, skeptical back-to-back House and Senate hearings on the details of the Administration's plan, and pointed questions from lawmakers regarding monopolism and accountability. One of the most signigicant concessions in the letter is that upcoming encryption standards will be "voluntary," unclassified, and exportable, according to Gore, who also says there will be no moves to tighten export controls. Though Gore hints at private, rather than governmental, key "escrow," the Administration does still maintain that key "escrow" is an important part of its future cryptography policy. EFF would like to extend thanks to all who've participated in our online campaigns to sink Clipper. This retreat on the part of the Executive Branch is due not just to discussions with Congresspersons, or letters from industry leaders, but in large measure to the overwhelming response from users of computer-mediated communication - members of virtual communities who stand a lot to gain or lose by the outcome of the interrelated cryptography debates. Your participation and activism has played a key role, if not the key role, in the outcome thus far, and will be vitally important to the end game! Below is the public letter sent from VP Gore to Rep. Cantwell. ****** July 20, 1994 The Honorable Maria Cantwell House of Representatives Washington, D.C., 20515 Dear Representative Cantwell: I write to express my sincere appreciation for your efforts to move the national debate forward on the issue of information security and export controls. I share your strong conviction for the need to develop a comprehensive policy regarding encryption, incorporating an export policy that does not disadvantage American software companies in world markets while preserving our law enforcement and national security goals. As you know, the Administration disagrees with you on the extent to which existing controls are harming U.S. industry in the short run and the extent to which their immediate relaxation would affect national security. For that reason we have supported a five-month Presidential study. In conducting this study, I want to assure you that the Administration will use the best available resources of the federal government. This will include the active participation of the National Economic Council and the Department of Commerce. In addition, consistent with the Senate-passed language, the first study will be completed within 150 days of passage of the Export Administration Act reauthorization bill, with the second study to be completed within one year after the completion of the first. I want to personally assure you that we will reassess our existing export controls based on the results of these studies. Moreover, all programs with encryption that can be exported today will continue to be exportable. On the other hand, we agree that we need to take action this year to assure that over time American companies are able to include information security features in their programs in order to maintain their admirable international competitiveness. We can achieve this by entering into an new phase of cooperation among government, industry representatives and privacy advocates with a goal of trying to develop a key escrow encryption system that will provide strong encryption, be acceptable to computer users worldwide, and address our national needs as well. Key escrow encryption offers a very effective way to accomplish our national goals, That is why the Administration adopted key escrow encryption in the "Clipper Chip" to provide very secure encryption for telephone communications while preserving the ability for law enforcement and national security. But the Clipper Chip is an approved federal standard for telephone communications and not for computer networks and video networks. For that reason, we are working with industry to investigate other technologies for those applications. The Administration understands the concerns that industry has regarding the Clipper Chip. We welcome the opportunity to work with industry to design a more versatile, less expensive system. Such a key escrow system would be implementable in software, firmware, hardware, or any combination thereof, would not rely upon a classified algorithm, would be voluntary, and would be exportable. While there are many severe challenges to developing such a system, we are committed to a diligent effort with industry and academia to create such a system. We welcome your offer to assist us in furthering this effort. We also want to assure users of key escrow encryption products that they will not be subject to unauthorized electronic surveillance. As we have done with the Clipper Chip, future key escrow systems must contain safeguards to provide for key disclosure only under legal authorization and should have audit procedures to ensure the integrity of the system. Escrow holders should be strictly liable for releasing keys without legal authorization. We also recognize that a new key escrow encryption system must permit the use of private-sector key escrow agents as one option. It is also possible that as key escrow encryption technology spreads, companies may established layered escrowing services for their own products. Having a number of escrow agents would give individuals and businesses more choices and flexibility in meeting their needs for secure communications. I assure you the President and I are acutely aware of the need to balance economic an privacy needs with law enforcement and national security. This is not an easy task, but I think that our approach offers the best opportunity to strike an appropriate balance. I am looking forward to working with you and others who share our interest in developing a comprehensive national policy on encryption. I am convinced that our cooperative endeavors will open new creative solutions to this critical problem. Sincerely, Al Gore AG/gcs ****** -- Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O Enter Command: